iOS XcodeGhost malware FAQ: Am I affected by App Store exploit?

Apple has acknowledged that its iOS App Store has been breached by malware, and has taken decisive steps to eradicate it.

A statement has been provided to TrustedReviews by Apple, which reads as follows:

"Apple takes security very seriously and iOS is designed to be reliable and secure from the moment you turn on your device. We offer developers the industry’s most advanced tools to create great apps. A fake version of one of these tools was posted by untrusted sources which may compromise user security from apps that are created with this counterfeit tool. To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

Here are the key questions answered.

What happened?

The XcodeGhost malware has worked its way into a number of apps on the App Store, making it the first major attack on the store.

The breach was discovered by several cyber security companies, who found that the malicious XcodeGhost program has embedded itself in hundreds of genuine apps.

How did the breach happen?

XcodeGhost’s developers managed to bypass Apple’s stringent app approval measures by convincing developers to use a modified version of Apple’s Xcode software.

Hackers had uploaded altered versions of Xcode to a Chinese cloud storage service. Attackers then posted download links to the software on Chinese development forums.


“In China – and in other places around the world – sometimes network speeds are very slow when downloading large files from Apple’s services,” explains cybersecurity firm Palo Alto Networks, in a blog post.

It continues: “As the standard Xcode installer is nearly three gigabytes, some Chinese developers choose to download the package from other sources.”

An Apple spokesperson also provided TrustedReviews with this information: "In addition to downloading counterfeit versions of Xcode, many developers also disabled Gatekeeper on their Macs."

Gatekeeper is a feature used to flag malicious software embedded in applications, and developers disabling it would certainly have helped to facilitate this breach.

It's also worth noting that while iOS is genuinely thought of as secure, a breach can have serious implications due to the lack of anti-malware software available on the platform.

The spokesperson continues: "Apple’s ‘walled garden’ approach does make it harder for cybercriminals to compromise apps, but if something does slip through the net, as in this case, there’s no protection available because Apple doesn’t provide third-party developers with the means to develop anti-malware protection for iOS."
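A build-host check for the two conditions described above, a counterfeit Xcode and a disabled Gatekeeper, as an added example that is not from Apple or from this article. It assumes macOS's `spctl` tool, the default path /Applications/Xcode.app, and that a genuine Xcode is reported as accepted with a source of Mac App Store, Apple or Apple System; the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: audit a Mac build host for a counterfeit Xcode and disabled Gatekeeper.
# Assumption: Xcode lives at /Applications/Xcode.app unless a path is passed.

# Return 0 if `spctl --status` output says Gatekeeper assessments are enabled.
gatekeeper_enabled() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify `spctl --assess --verbose` output for an Xcode bundle.
# Prints "trusted" only when the bundle is accepted AND its source is one
# that a genuine Xcode carries; otherwise prints "untrusted".
classify_assessment() {
    out=$1
    case "$out" in
        *": accepted"*) ;;
        *) echo untrusted; return 1 ;;
    esac
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") echo trusted; return 0 ;;
        *) echo untrusted; return 1 ;;
    esac
}

audit_xcode() {
    app=${1:-/Applications/Xcode.app}
    rc=0
    if ! gatekeeper_enabled "$(spctl --status 2>&1)"; then
        echo "WARN: Gatekeeper is disabled on this host"; rc=1
    fi
    # spctl writes its verdict to stderr, so merge the streams.
    verdict=$(classify_assessment "$(spctl --assess --verbose "$app" 2>&1)") || rc=1
    echo "$app: $verdict"
    return $rc
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_GOOD='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_BAD='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_REJECT='/Applications/Xcode.app: rejected'

# Only run the live audit where spctl exists (macOS).
if command -v spctl >/dev/null 2>&1; then audit_xcode "$@" || true; fi
```

An "accepted" verdict alone is not enough: a repackaged bundle signed with some other identity can still be accepted, which is why the source line is checked as well.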

What does XcodeGhost do and how serious is this?

It seems the malware itself has limited functionality, with no evidence of data theft or wider harm having been discovered, but there are dangers all the same.

The way in which XcodeGhost managed to work its way into Apple’s famously secure App Store opens up a new avenue of attack for hackers.

The extent to which a customer’s security may be compromised by XcodeGhost is also not yet clear.

However, we do know what sort of information can be collected by XcodeGhost:

Current time

Infected app name

App's bundle identifier

Device name and type

Language and country of device

Device UUID

Network type

XcodeGhost also has a number of actions it can perform:

Send fake alert dialogs

Hijack opening URLs

Read/write data to clipboard

These actions could have very serious implications if a nefarious third party acted on them.

For instance, fake dialogs could trick a user into handing over false information. It could also act as ransomware, extorting cash from a user.

Also, the fact that the app can read from the clipboard means that if you copy and paste your passwords, they could be compromised very easily.
